General
-
Target
TOP-010122 HTGW-210122.xls
-
Size
70KB
-
Sample
220121-sfrqmahhc5
-
MD5
54a404bdf97dec3861e86661501de08f
-
SHA1
d265c805ce856e563e54b014495ac663c9181d3c
-
SHA256
8a07b30e84df7c4db85691e055e4f39fb78621392b7a282b3b64d13a675e14b1
-
SHA512
09a4bcb74c1018711277aea44df07a25b751903bf97b27ecb16e30acfb9563219ec1c0f3d654095e8f8bc14224dcbd5247b8520bdb13fdb2ee7740049a647bc8
Malware Config
Extracted
http://0xb907d607/fer/fe2.html
Extracted
http://185.7.214.7/fer/fe2.png
Extracted
emotet
Epoch4
131.100.24.231:80
209.59.138.75:7080
103.8.26.103:8080
51.38.71.0:443
212.237.17.99:8080
79.172.212.216:8080
207.38.84.195:8080
104.168.155.129:8080
178.79.147.66:8080
46.55.222.11:443
103.8.26.102:8080
192.254.71.210:443
45.176.232.124:443
203.114.109.124:443
51.68.175.8:8080
58.227.42.236:80
45.142.114.231:8080
217.182.143.207:443
178.63.25.185:443
45.118.115.99:8080
Targets
-
-
Target
TOP-010122 HTGW-210122.xls
-
Size
70KB
-
MD5
54a404bdf97dec3861e86661501de08f
-
SHA1
d265c805ce856e563e54b014495ac663c9181d3c
-
SHA256
8a07b30e84df7c4db85691e055e4f39fb78621392b7a282b3b64d13a675e14b1
-
SHA512
09a4bcb74c1018711277aea44df07a25b751903bf97b27ecb16e30acfb9563219ec1c0f3d654095e8f8bc14224dcbd5247b8520bdb13fdb2ee7740049a647bc8
Score10/10-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Drops file in System32 directory
-